On Tue, Jan 28, 2014 at 11:07:03PM +0000, Nordgren, Bryce L -FS wrote:
Well, I guess the title is a little misleading. The ldap connection
is working like a champ. I configured sssd to bind using my own credentials, and
that's working. The searches are successful and return the correct result.
Things I don't understand:
* sssd performs two ldap searches for my username, not one.
* Using wireshark, I don't even see it trying to bind to AD using the account
it finds (twice).
* sssd fails to authenticate me, but the logs seem to indicate to me that
everything it tried succeeded.
This is on a VM with a minimal install of Fedora 19. The setup roughly follows
https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate...
with local modifications to enable id mapping. I'm attaching edited versions of
sssd.conf, sssd_pam.log, sssd_nss.log, and the output of wireshark (stupidly named
sssd.log). pam and nss are both at debug level 9.
I think the most important log would be the one from the back end,
generated by including debug_level in the [domain] section.
Any reason why you set the principal to cn and not userPrincipalName ?